Welcome! Log In Create A New Profile

Re: disable file uploads

Forum List Message List New Topic Print View

Robert Paprocki

March 23, 2015 10:58PM

Sounds like you either have a vulnerable web application or hole in your systems security. If the root of your problem is that your having content uploaded to your server without your consent, you're asking the wrong question.

If your app does allow for arbitrary file upload, you can disallow certain file extensions, but that should be handled in whatever Wordpress plugin you're using.

> On Mar 23, 2015, at 18:15, Steve Holdoway <steve@greengecko.co.nz> wrote:
>
>> On Tue, 2015-03-24 at 00:00 +0000, Francis Daly wrote:
>>> On Tue, Mar 24, 2015 at 12:47:38PM +1300, Steve Holdoway wrote:
>>>> On Mon, 2015-03-23 at 22:52 +0000, Francis Daly wrote:
>>>> On Tue, Mar 24, 2015 at 09:13:50AM +1300, Steve Holdoway wrote:
>>
>> Hi there,
>>
>>>>> Is there any way to stop / disable random file uploads... for example,
>>>>> I'm having 'fun' with mail relays being uploaded to the cache area of a
>>>>> wordpress site?
>>>>
>>>> What the difference between a request that is a file upload and a request
>>>> that is not a file upload, on your system?
>>
>>> # set the static ones first, then the catchall
>>> # Directives to send expires headers and turn off 404 error
>>> logging.
>>> location ~* ^/(?:uploads|files|cache|plugins)/.*\.(png|gif|jpg|
>>> jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip|woff|ttf|otf|
>>> xls|myo|qbb|pst|dat|qbx|bc7|cf7)$ {
>>> expires 24h;
>>> log_not_found off;
>>> }
>>
>> For requests that match this location block, serve from the filesystem.
>>
>>> location ~* ^/wp-content/(files|uploads|cache|plugins)/.*.(|php|
>>> js|swf)$ {
>>> types { }
>>> default_type text/plain;
>>> }
>>
>> For requests that match this location block, serve from the filesystem.
>>
>> None of that seems to say "handle file uploads".
>>
>> I confess I'm somewhat confused about what your question is.
>>
>> What request do you make of nginx, that does not give you the response
>> that you want?
>>
>> f
> Sorry,
>
> This is the best block I can find, where the intention is that php files
> are just served as text, not processed, which should be good and
> annoying for the users as well.
>
> As I said, I can't work out how on earth to stop them being uploaded in
> the first place.
>
> Steve
>
> --
> Steve Holdoway BSc(Hons) MIITP
> http://www.greengecko.co.nz
> Linkedin: http://www.linkedin.com/in/steveholdoway
> Skype: sholdowa
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
disable file uploads	GreenGecko	March 23, 2015 04:16PM
Re: disable file uploads	Francis Daly	March 23, 2015 06:54PM
Re: disable file uploads	GreenGecko	March 23, 2015 07:48PM
Re: disable file uploads	Francis Daly	March 23, 2015 08:02PM
Re: disable file uploads	GreenGecko	March 23, 2015 09:16PM
Re: disable file uploads	Robert Paprocki	March 23, 2015 10:58PM
Re: disable file uploads	GreenGecko	March 23, 2015 11:16PM
Re: disable file uploads	GreenGecko	March 24, 2015 04:06PM
Re: disable file uploads	Francis Daly	March 24, 2015 04:38PM
Re: disable file uploads	Jonathan Vanasco	March 24, 2015 06:42PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 234

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018